[jira] [Updated] (CXF-5901) Investigate how WebSocket Transport can support CORS

[Sergey Beryozkin (JIRA)]

     [ 
https://issues.apache.org/jira/browse/CXF-5901?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sergey Beryozkin updated CXF-5901:
----------------------------------

    Description: 
AFAIK CORS requirements can be enforced by compliant WebSocket implementations 
such as Atmosphere and that any secure WebSocket server should be capable of 
implementing CORS filters.

The question is: can we reuse CXF JAX-RS CORS filters when working with web 
sockets and when we need to worry about it. I guess it is only an upgrade 
request issue, once the upgrade is done using a wss protocol we have a secure 
channel in place. 

If so then CXF filters will likely do as they will reject the initial upgraded 
request, but the transport may need to discard the upgraded connection in such 
cases.     

  was:
AFAIK CORS requirements can be enforces by compliant WebSocket implementations 
such as Atmosphere and that any secure WebSocket server should be capable of 
implementing CORS filters.

The question is: can we reuse CXF JAX-RS CORS filters when working with web 
sockets and when we need to worry about it. I guess it is only an upgrade 
request issue, once the upgrade is done using a wss protocol we have a secure 
channel in place. 

If so then CXF filters will likely do as they will reject the initial upgraded 
request, but the transport may need to discard the upgraded connection in such 
cases.     


> Investigate how WebSocket Transport can support CORS 
> -----------------------------------------------------
>
>                 Key: CXF-5901
>                 URL: https://issues.apache.org/jira/browse/CXF-5901
>             Project: CXF
>          Issue Type: Task
>          Components: JAX-RS, Transports
>            Reporter: Sergey Beryozkin
>
> AFAIK CORS requirements can be enforced by compliant WebSocket 
> implementations such as Atmosphere and that any secure WebSocket server 
> should be capable of implementing CORS filters.
> The question is: can we reuse CXF JAX-RS CORS filters when working with web 
> sockets and when we need to worry about it. I guess it is only an upgrade 
> request issue, once the upgrade is done using a wss protocol we have a secure 
> channel in place. 
> If so then CXF filters will likely do as they will reject the initial 
> upgraded request, but the transport may need to discard the upgraded 
> connection in such cases.     



--
This message was sent by Atlassian JIRA
(v6.2#6252)